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Netscape Communications Corp. has introduced Secure Courier, a 
cross-platform, open security protocol application that runs on top of the 
company's pipeline security protocol, Secure Sockets Layer (SSL) . By 
using Secure Courier in conjunction with SSL, messages are encrypted and 
sent over a secured channel where they can only be decrypted by those 
authorized in the message. 



Text: 



IN A MOVE TO MORE DIRECTLY compete with the Secure Hypertext Transaction 
Protocol (SHTTP) , Netscape Communications Corp. has introduced Secure 
Courier, a cross-platform, open security protocol application that runs on 
top of the company's pipeline security protocol, Secure Sockets Layer 
(SSL) . By using Secure Courier in conjunction with SSL, messages are 
encrypted and sent over a secured channel where they can o be decrypted by 
those authorized in the message. 

Secure Courier, encrypted with RSA Data Security Corp.'s RC-4 algorithms, 
acts as a "secure digital envelope" for financial dat.a on the Internet. It 
wraps financial transactions in hyper- secure formats and routes them 
between the client and server through credit card gateways, says Charles 
Jadallah, director of financial services for Mountain View, CA-based 
Netscape. 

The new application splits the financial part of a transaction by creating 
two encrypted digital envelopes: one for the purchase order, and the other 
for the sales slip. The sales slip envelope contains consumer financial 
information. 



The encrypted envelopes are routed from the client to the merchant server. 



\ 



At this point, says Jadallah, the merchant's bank can "flip a switch, " 
which would allow the merchant to unwrap the slip envelope. From the 
merchant, the envelopes are routed to the consumer's issuing bank via 
credit card gateways where the secured messages are converted from Internet 
protocol to banking's ISO 8583 protocol. "And each protocol on [the bank] 
end is tweaked a little bit depending on the processor of the banks because 
there are always different implementations of 8583," says Jadallah If the 
transaction is approved, the envelopes go back to the merchant and then to 
the client. 

Secure Courier has attracted several industry players. Intuit Chairman 
Scott Cook is backing the new Netscape protocol. He is applying both Secure 
Courier and SSL to safeguard Intuit 's new financial services server. 
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During the last 20 years, electronic data interchange (EDI), has become a 
robust, structured and secure commerce vehicle for its adherents, which are 
mostly the largest buyers. The Internet clearly has a huge potential as a 
vehicle for electronic commerce, yet the Internet is everything that EDI is 
not. For example, the Internet is everywhere; EDI is a closed community of 
value-added networks (VAN) and predefined trading partner relationships. 
Several approaches - are being developed to utilize the Internet to provide 
the type of exchange of commercial information that was once the sole 
province of EDI . 



Text: 



In late 1993, Tim Berners Lee, the grandfather of the World Wide Web (WWW) 
on the Internet, posed a rhetorical question - and his own response - via 
electronic mail to others trying to establish the new Internet format: "Do 
we really want to draw a line and say that a particular information item is 
commercial and use one paradigm, and [that] another is not really 
commercial so use another paradigm? Of course not. Such lines do not exist" 

His topic was the question of whether the new graphical Internet form-sat 
could be used for the types of electronic commerce communications that 
electronic data interchange (EDI) networks had grown up to support. 
Internet pioneers, often seen as. a collegial, congenial group, perceived a 
competitive threat from EDI networks. In decidedly less- than-altruistic 
fashion, Stephen Williams of Mead Data, the on-line database services 
giant, wrote: "EDI delivery will have an interesting (in my humble opinion) 
influence on the Internet The network that can readily carry the commerce of 
the nation will be the network that the government will want to see grow." 
To its pioneers, the Internet was a solution looking for a problem, and EDI 
was a problem that they wanted to address . 



What is EDI ' s problem? 



Computer to computer communications among trading partners were developed 
to reduce the huge volume of paper required to document their transactions 
Before EDI, each party used its computer to generate the paper output to be 
sent to the other party. The latter then employed an army of people to 
enter the data into its own computer. Both sides traded purchase orders, 
purchase order confirmations, shipping notices, receipts, invoices and 
payment advices - all of which not only increased costs but led to delays 
and opportunities for error. Eliminating the paper trail could yield huge 
savings But even when businesses attempted to deal directly through 
computer, they had trouble implementing the necessary communications. 
Incompatible hardware, communications protocols and data file layouts made 
it difficult to turn one firm's purchase order into another company's sales 
order 

Electronic data interchange (EDI) standards and industry associations were 
developed to bridge these gaps. Under today's EDI, computers communicate 
not directly with one another but rather with common value-added networks 
(VAN) , which are designed to overcome systems differences Each computer has 
only to deal with the accepted VAN standard. Differing communication 
protocols no longer cause incompatibilities, as the VANs support every type 
of data transmission protocol in use. Purchase order files no longer have 
to be altered into sales order formats, since widely available translation 
software handles the mapping of internal data to the EDI standards 

These standards also address such issues as company identification codes, 
data security and authentication, and message delivery notification EDI 
makes the technological aspects of exchanging information between buyers 
and sellers manageable and largely asynchronous. Each party can do as it 
likes internally without worrying about what the other party does - so long 
as both sides respect the common EDI standards. 

During the last 20 years, EDI has become a robust, structured and secure 
commerce vehicle for its adherents, which are mostly the largest buyers: 
automobile manufacturers, major chain retailers, insurance companies. 
Governments, primarily the United States military, also make up a large 
proportion of EDI users These giants have the clout to demand that their 
suppliers deal with them electronically. For these large buyers, investing 
in electronic data interchange offers significant paybacks. However, the 
benefits of the technology are harder to quantify for smaller suppliers. 

This is especially true for suppliers who cannot or do not want to take the 
final step to integrate EDI data into their internal computer systems 
Instead, these suppliers often set up stand-alone systems that simply print 
out the information from the EDI transaction, and then still key-punch it 
into their own order processing systems. They often find that setting up an 
EDI connection is a costly and complex process, involving acquiring new 
computer hardware and software, telephone lines, and VAN accounts. 
Companies that supply several buyers in multiple industries need to deal 
with several different VANs, and different EDI transaction set standards, 
making it an even more complex and expensive undertaking. 

Small buyers also encounter problems in implementing traditional EDI. They 



must initiate the electronic trading partnership and then cajole their 
suppliers into acquiescing. Thus, few small businesses have been able to 
take full advantage of EDI, simply because of the complexity built into the 
system by the larger players. According to a 1995 study by the US. 
Department of Labor and Internal Revenue Service, EDI is used by only about 
40,000 of the roughly 20 million businesses in that country (a similar 
proportion likely exists in Canada) . EDI has become a barrier to entry 
rather than a business enabler, and has tilted rather than levelled the 
playing field. Furthermore, the EDI standards make absolutely no provision 
for conducting- business directly with the consumer. Clearly, realizing the 
benefits of electronic commerce on a wider scale will require a new 
paradigm. 

Enter the Internet 

Once simply a means for communication among government agencies and 
academics, the Internet has become ubiquitous in the 1990s. In Canada and 
the U.S., this electronic communication network is available virtually 
wherever there is a telephone. Internet access software, once available 
only for Unix computers, now exists for everything from IBM AS/400s to 
Apple Macintosh PCs. Every new IBM PC, whether sold with Windows 95 or 
OS/2, offers built-in access to the Internet, requiring nothing more than a 
modem and a phone line (and a credit card!) . Even modems are now built-in. 
Graphical user interfaces or browsers that are as easy to use as word 
processors allow easier Internet use than yesterday's cryptic Unix command 
roots Between them, Microsoft and Netscape alone have literally given away 
millions of World Wide Web browsers Internet communication speeds have 
improved dramatically. Current modems transmit information at the rate of 
15,600 characters and more per second, compared to what was considered a 
fast network connection of 120 characters per second (1,200 baud) only a 
decade ago. Cable modems, which are already a fact of life in New York, are 
coming to North York (and other points throughout Canada) as quickly as the 
cable television companies can upgrade their equipment Allowing 
transmission speeds of 1 million characters per second, these modems make 
Internet communications with customers or suppliers halfway around the world 
as convenient as LAN connections to the office server down the hall. 

The Internet clearly has a huge potential as a vehicle for electronic 
commerce. Yet the Internet is everything that EDI is not The Internet is 
everywhere: EDI is a closed community of VANs and predefined trading 
partner relationships The Internet is open, accessible and unsecured EDI 
networks are accessible only to registered users (surfers and hackers 
specifically excluded) . Internet browsers, with their Hypertext Mark-up 
Language (HTML), are easy to adapt to many types of information exchange: 
the EDI x.12 and EDIFACT standards are highly structured and rigid Setting 
up Internet access can be a do-it-yourself project: EDI implementation is 
generally considered to be a major systems development project, not to be 
undertaken without an army of consultants. 

Proponents of each of these forms of inter-business communications can 
offer compelling reasons about why the other side cannot possibly assume 
their role. But the arguments sound much like the arguments of the early 
'80s about whether or not PCs were simply a passing fad The Internet 
appears just unlikely to fade away. For its part, structured EDI has a long 



history of facilitating the flow of business information, and the 
significant investments that have been made in EDI systems will not easily 
be abandoned. Both forms will evolve and, in all likelihood, converge. 

Buying and selling, Internet-style 

Several approaches are being developed to utilize the Internet to provide 
the type of exchange of commercial information that was once the sole 
province of EDI The simplest role of the Internet is to provide inexpensive 
access to established value-added networks Internet access eliminates 
long-distance costs in many parts of the country and eliminates the need 
for special data communications lines IBM's Advantis communications 
division, which is both an EDI VAN and an Internet service provider, is one 
company that provides this capability. In Canada, the federal government's 
Open Bidding Service, while admittedly not strictly a user of EDI, can now 
be reached from the Internet in addition to its proprietary network. 
A more significant role for the Internet involves using Internet e-mail to 
bypass the VANs completely. Regular EDI x.12 structured transactions are 
treated as a special type of e-mail attachment by the Multipurpose Internet 
Message Extensions (MIME) standard. At the receiving end, the messages can 
simply be printed out, without further need for translation, or EDI 
translation software can upload them into sales order systems to avoid 
manual data entry. Major EDI translation software vendors such as Sterling 
Software, DNS Worldwide and Premenos already provide this type of function, 
and other EDI software developers are expected to follow suit. 

Diverging even further from EDI transaction standards are remote order 
entry systems that use the Internet to send and receive data in the 
specific formats required by various order processing systems. Says Tracy 
Broadbent, CMA, president of Bravo Software Group, which has developed such 
a system for use with the Accpac order processing system, "Our software 
uses the Internet to directly send orders from buyers to sellers without 
the need for VANs and VAN interconnects, and without the need for EDI 
translation software." 

Lastly, the Internet can be used to interconnect companies without any of 
the standard structure of EDI. The least structured approach is to 
incorporate the text of a purchase order in the body of a simple e-mail 
message. Each company uses its own PO format, and the receiving company 
simply prints out the e-mail message and uses it as if it were a 
traditional paper document A more structured approach - at least from the 
seller's point of view - is to use a "f ill-in-the-blanks" form on the World 
Wide Web. This enables the buyer to enter data in a format that can be 
directly imported into the seller's sales order processing system. On-line 
catalogues extend this approach, giving the buyer more information about 
the product before ordering. Major database software suppliers, such as 
Oracle and IBM, provide links between data stored in their relational 
databases and WWW servers These servers can provide prospective customers 
with extensive product information on demand, even including audio and 
video clips. As the data are entered by the customer in the format required 
by the seller's system, there is no need to translate EDI-standard data 
formats. One example is the on-line member services order form maintained 
by The Society of Management Accountants of Canada at www.cma-canada.org. A 
hybrid system available from Dynamic Web Transaction Systems 



(sales@dynamicweb.com) uses the -World Wide Web to capture purchase order 
transactions from small, non-EDI customers It then converts them into 
standard EDI x.12 purchase order transactions that can be merged with pure 
EDI messages from larger trading partners. 

Industry watchers appear divided about the ability of the- Internet to 
become a medium of business transactions. Acknowledging that business is 
concerned about transaction security, Nigel Wood, vice-president of 
technology with the EDI Council of Canada, says, " Internet -based 
organizations such as CommerceNet have the potential to displace 
established VANs." As with most aspects of business, competition leads to 
improvements that might not otherwise be made. Internet -based commerce will 
certainly give traditional EDI a good run for its money. 

Author Affiliation: George Socks CMAc CMC, cMc, is a management consultant 
specializing in information systems planning and management, and a regular 
contributor to CMA magazine. 
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